U.S. Firm Blames Russian 'Sandworm' Hackers for Ukraine Power Outage

U.S. cyber intelligence firm iSight Partners said on Thursday it has determined that a Russian hacking group known as Sandworm caused last month's unprecedented power outage in Ukraine.

"We believe that Sandworm was responsible," iSight's director of espionage analysis, John Hultquist, said in an interview.

The conclusion was based on analysis of malicious software known as Black Energy 3 and KillDisk, which were used in the attack, and intelligence from "sensitive sources," he said.

The Dec. 23 outage at Western Ukraine's Prykarpattya Oblenergo cut power to 80,000 customers for about six hours, according to a report from a U.S. energy industry security group.

Ukraine's SBU state security service has blamed Russia, but the nation's Energy Ministry said it would hold off on attribution until after it finishes a formal probe.

Other firms have linked that malware to the attack. But iSight is the first firm to so confidently assert that Sandworm was responsible.

ISight said it is not clear whether Sandworm is working directly for Moscow. The group is named Sandworm because references to the "Dune" science-fiction series are embedded in its malware.

"It is a Russian actor operating with alignment to the interest of the state," Hultquist said. "Whether or not it's freelance, we don't know."

To date, it has primarily engaged in espionage, including a string of attacks in the United States using Black Energy that prompted a December 2014 alert from the Department of Homeland Security, according to iSight.

That alert said a sophisticated malware campaign had compromised some U.S. industrial control systems. A DHS spokesman declined to comment Thursday on iSight's findings.

While no outages or physical destruction was reported in conjunction with those attacks in the United States, some experts said that may be simply because the attackers did not want to go that far.

"It's not a major stretch to conclude the difference in the outcomes of the attacks in the Ukraine versus those in the United States were an issue of intent not capability," said Eric Cornelius, managing director of cyber security firm Cylance Inc and former DHS official responsible for securing critical infrastructure.

"It would be naive to say the same attackers couldn't successfully execute in the United States," said Chris Blask, executive director of the Industrial Control System Information Sharing and Analysis Center.

ISight said Sandworm was also behind previously reported attacks on Ukrainian officials, EU and NATO members as well as media companies in Ukraine.

  • 08.01.2016